podman: added openobserve podman service

options/podman.nix

@@ -12,6 +12,7 @@ in
     redmage.enable = lib.mkEnableOption "redmage podman";
     redmage-demo.enable = lib.mkEnableOption "redmage-demo podman";
     qbittorrent.enable = lib.mkEnableOption "qbittorrent podman";
+    openobserve.enable = lib.mkEnableOption "openobserve podman";
 
     servarr = {
       enable = mkEnableOption "servarr group";

profiles/homeserver.nix

@@ -36,6 +36,7 @@
       servarr.recyclarr.enable = true;
       servarr.real-debrid-manager.enable = false;
       servarr.rdtclient.enable = true;
+      openobserve.enable = true;
     };
 
     docker = {

secrets/openobserve.yaml

@@ -0,0 +1,22 @@
+openobserve:
+    env: ENC[AES256_GCM,data:c7XB9h82qCaV8MWTibJ2DUAjCDEgtjNvXi8B4tLfiJcws7Wfhhh5HQHiy/2Yc4q0h9QcQ9U/WNB05RVdX76H5UTsM7d9SbpG3/NW8d3yyiJlIZ7b/e4l3LD0HEM=,iv:pUcZ2S6mmFncs14HcRwEGSNh+/dz3Ut9M0kWVJwVkck=,tag:279V8olra+A1reKtZHnelQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZRmg5YURIdVNMVUFGbTNM
+            eXdWR0R1N09RMm4vSjRvUmw1VkV0SEFtN2s4CkhCcXgyNHFTU0hwMnNYdG5Sam9j
+            R21jcDY2MEhtVnZBckpsc010OEVqZmsKLS0tIDZtRmgzRWJZc1NLVVM0dkpwbUpL
+            Mk1OU0htcGIrWkUzdzFPZUxYb1JyeDAKQjXadi43Wr4yA89HDLsWACrHeUn265zG
+            qIU/QU6aO7bgoyflQfoppwD6bSqVrJMcTnTujIRA4xDtmCfNnP2cFQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-07-15T07:57:57Z"
+    mac: ENC[AES256_GCM,data:uY2pxpgCxOBlj2gGS+/CQ9u0pe6gYlMXlaLKfHjZwJyzAeLjKAE2DLxQVDxx1z2jxx9FoaBnmVEwIgZ399Nk0Ale8ZlN63nduzycTb0kY1Vq8+tNC5Z+LEBe6p54ORmAHQUpUpK8zG72tg3djqH4D3Lm/cyiDegp14PcmK3xRuM=,iv:EJY4zl+vuWR6GJOulF7XLhSBlwSZgq9u2BMLRPR74m0=,tag:1JU2MToCFisIqp1BC/2oNw==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1

system/podman/default.nix

@@ -41,12 +41,13 @@ in
   # 10.88.0.6 -> Suwayomi Flaresolverr
   # 10.88.1.1 -> Pihole
   imports = [
+    ./openobserve.nix
     ./pihole.nix
     ./qbittorrent.nix
     ./redmage-demo.nix
     ./redmage.nix
+    ./servarr
     ./suwayomi.nix
     ./ytptube.nix
-    ./servarr
   ];
 }

system/podman/openobserve.nix

@@ -0,0 +1,53 @@
+{ config, lib, ... }:
+let
+  name = "openobserve";
+  podman = config.profile.podman;
+  inherit (lib) mkIf;
+  ip = "10.88.99.1";
+  image = "public.ecr.aws/zinclabs/openobserve:latest";
+  rootVolume = "/nas/podman/openobserve";
+  domain = "${name}.tigor.web.id";
+  user = config.profile.user;
+  uid = toString user.uid;
+  gid = toString user.gid;
+in
+{
+  config = mkIf (podman.enable && podman.${name}.enable) {
+    services.caddy.virtualHosts.${domain}.extraConfig = ''
+      reverse_proxy ${ip}:5080
+    '';
+
+    system.activationScripts."podman-${name}" = ''
+      mkdir -p ${rootVolume}/data
+      chown ${uid}:${gid} ${rootVolume} ${rootVolume}/data
+    '';
+
+    sops.secrets."openobserve/env".sopsFile = ../../secrets/openobserve.yaml;
+
+    virtualisation.oci-containers.containers.${name} = {
+      inherit image;
+      hostname = name;
+      autoStart = true;
+      user = "${uid}:${gid}";
+      environment = {
+        TZ = "Asia/Jakarta";
+        ZO_DATA_DIR = "/data";
+        ZO_WEB_URL = "https://${domain}";
+      };
+      volumes = [
+        "${rootVolume}/data:/data"
+      ];
+      extraOptions = [
+        "--network=podman"
+        "--ip=${ip}"
+      ];
+      environmentFiles = [
+        config.sops.secrets."openobserve/env".path
+      ];
+      labels = {
+        "io.containers.autoupdate" = "registry";
+      };
+    };
+  };
+
+}